
ZDNET key takeaways
- Linux firewalls can be very complicated.
- With the help of a GUI, firewall configuration is easier.
- These GUIs are easy to install and free to use.
A firewall is often the heart and soul of desktop security.
With a firewall, you can block or allow traffic in and/or out of your computer. Of course, it's the incoming traffic that you need to be most concerned about. You don't want some ne'er-do-well to see port 25 open on your PC and use it as a way to get into your system and do bad things. To that end, your firewall is the way you shut those ports down.
Back in the old days, the Linux firewall was a very complex piece of the puzzle. To use a Linux firewall in those early days, you had to learn the very complex iptables system. Suffice it to say, that was not easy. I always had to keep copious notes on how to use iptables, and sometimes it even stumped me.
Fortunately, as Linux evolved, firewalls became considerably easier. With the likes of UFW (Uncomplicated Firewall) and firewalld, there's no reason to even bother with iptables on the desktop. Both of those modern takes on the firewall (which actually act as intermediaries for iptables) offer simplified command-line usage.
Oh, wait... did I just say "command-line" like it's a good thing? Let me walk that back a bit. Both of those modern takes on the firewall also have GUI apps that make using them even easier.
I want to introduce you to two different firewall GUIs, one for UFW (the default firewall for Ubuntu-based distributions) and one for firewalld (the default firewall for Fedora-based distributions).
GUFW
GUFW is the most popular GUI for the UFW and is the ideal option for beginners. Although GUFW isn't always installed by default, it can be found in your distribution's app store, so it can be added with a single click. Once you've installed it, you might even find that your firewall is disabled (gasp!).
Yikes! The Ubuntu firewall is disabled by default. Enable it asap.
Thankfully, GUFW makes managing your firewall very easy. To enable the firewall, click the On/Off slider for Status, type your user password when prompted, and the firewall is enabled.
As you can see, when you enable the firewall, there are no rules, which means nothing can get in. That's a good thing. If you were to try and secure shell into that firewall-enabled desktop, you wouldn't be allowed. But what if you want to allow SSH traffic through? If that's the case, you need to add a rule to the firewall, and GUFW makes that easy.
Click + at the bottom left of the window. In the resulting window, leave all of the defaults, type SSH in the field under Application, and make sure to select the SSH option. Click Add, and you're done. The default SSH port (22) is now open to allow traffic into the machine.
The Advanced tab doesn't take advanced skills to use.
You can further customize those rules by selecting the Advanced tab in the Add a Firewall Rule window. In this tab, you can select an interface, specify an alternative port for SSH (if you've configured SSH to use a non-standard port), specify a From IP address (or range of addresses) the rule will apply to, and enable logging.
GUFW is easy enough for anyone to be able to control their firewall.
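A rule added with the defaults accepts SSH from any source, while the From field on the Advanced tab narrows it. The shell function below is an added example, not part of the original article: it reads the text printed by `sudo ufw status` and lists the inbound ALLOW rules that are open to Anywhere. The sample status text is constructed for illustration.

```shell
#!/bin/sh
# Added example: list ufw ALLOW rules that accept traffic from any source.
# Reads the output of `ufw status` (plain or verbose) on stdin.

ufw_open_to_anywhere() {
    awk '
        /^Status: inactive/ { print "INACTIVE"; exit }
        # Rule rows start after the "--  ------  ----" separator line.
        /^--/ { in_rules = 1; next }
        in_rules && /ALLOW/ {
            # Split at the action column: "To" on the left, "From" on the right.
            # "ALLOW OUT" rows leave "OUT ..." on the right and are skipped.
            n = split($0, part, /[ \t]+ALLOW( IN)?[ \t]+/)
            if (n == 2 && part[2] ~ /^Anywhere/) {
                sub(/[ \t]+$/, "", part[1])
                print part[1]
            }
        }
    '
}

# Constructed sample of `sudo ufw status verbose` output (not from a real host).
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    192.168.1.0/24
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# Live use on a real machine: sudo ufw status | ufw_open_to_anywhere
printf '%s\n' "$SAMPLE_STATUS" | ufw_open_to_anywhere
```

Rules restricted with a From address, such as the 8080/tcp row in the sample, are not reported.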
Firewall-Config
Firewall-Config is the GUI for firewalld on Fedora-based distributions. Like GUFW, this app isn't installed by default, but you can add it from within your distribution's app store by searching for firewall-config.
Now, Firewall-Config isn't nearly as easy to use as GUFW, but it's certainly easier than learning the ins and outs of the firewall-cmd command. Once installed, open Firewall-Config. You'll be prompted for your user's password before it opens.
From the main window, you'll see a lot of tabs, including Zones, Services, IPSets, Ports, Protocols, etc. That could certainly be intimidating to users who aren't accustomed to dealing with firewalls.
Let me simplify it for you. Say you want to permanently allow SSH traffic into the desktop machine. For that, do the following:
- Select Permanent from the Configuration drop-down.
- Click the Services tab (the upper one).
- Scroll down until you find SSH and double-click the entry.
- Click Options > Reload Firewall.
The Firewalld GUI is a bit more challenging than GUFW.
At this point, you should be able to SSH into that machine for the current zone.
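The Permanent setting and the Reload Firewall step matter because firewalld keeps a runtime and a permanent configuration, and the two can disagree. The script below is an added example, not part of the original article: it compares the service lists printed by `firewall-cmd --list-services` and `firewall-cmd --permanent --list-services` and reports any mismatch. The function names and sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare firewalld's runtime and permanent service lists.

# service_drift RUNTIME_LIST PERMANENT_LIST
# Each argument is one space-separated line, the format printed by
# `firewall-cmd --list-services`. Prints one line per mismatch.
service_drift() {
    for svc in $1; do
        case " $2 " in
            *" $svc "*) ;;
            *) echo "runtime-only: $svc (lost on reload)" ;;
        esac
    done
    for svc in $2; do
        case " $1 " in
            *" $svc "*) ;;
            *) echo "permanent-only: $svc (inactive until reload)" ;;
        esac
    done
}

# Live check for one zone. Needs firewalld, so it is defined here but
# not called automatically, e.g.: check_zone FedoraWorkstation
check_zone() {
    zone=$1
    service_drift \
        "$(firewall-cmd --zone="$zone" --list-services)" \
        "$(firewall-cmd --permanent --zone="$zone" --list-services)"
}

# Constructed sample: ssh was enabled under Permanent but the firewall was
# not reloaded; samba-client was enabled under Runtime only.
SAMPLE_RUNTIME='dhcpv6-client mdns samba-client'
SAMPLE_PERMANENT='dhcpv6-client mdns ssh'
service_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
```

An empty result means the running firewall matches what will be loaded after the next reload or reboot.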
As I mentioned, Firewalld is a bit more complicated than UFW because you have to deal with so many more options, such as Zones. A zone defines a level of trust for a network connection, an interface, and a source address. For example, you can configure the home zone (your internal LAN) to allow incoming traffic from a specific IP address or range of IP addresses, and then you can configure specific services to be allowed. At the same time, you can configure the public zone to not allow any traffic in.
You can select a default zone from the list and even set the default zone. Out of the box, the default zone is FedoraWorkstation, which rejects unsolicited incoming packets from ports 1 to 1024 (except for select services that you can add).
It can get very complicated. If you'd like an easier means of managing the firewall on Fedora-based distributions, turn to...
Cockpit
Cockpit is a web-based GUI and is available for Fedora and Ubuntu-based distributions. On Fedora distributions, Cockpit is typically installed by default and includes a Network module that allows you to edit firewall rules.
Before you do this, you have to first enable Cockpit with the command:
sudo systemctl enable --now cockpit.socket
Once you've done that, point your browser to http://localhost:9090. You'll be prompted to log in with your user/password. Once you've done that, give yourself admin access by clicking the Administrative Access button near the top.
Cockpit makes working with your firewall a bit easier.
With admin access, click Networking and then click "Edit rules and zones." You can then add services (such as SSH) by clicking "Add services" associated with a specific zone.
You don't have all the bells & whistles found in Firewall-Config, but Cockpit should be less intimidating.
The Cockpit take on Firewalld isn't nearly as flexible as Firewall-Config, but it's also slightly easier to use.
Although the firewalld (and its associated GUIs) might not be nearly as easy as UFW (and its associated GUIs), once you get the hang of zones, you shouldn't have any problem using these tools.